Lateral Phishing – Malevolent Emails From Trusted Accounts


There has been a lot of attention on the dangers and frequency of phishing attacks and the threat they pose to small businesses and our personal online identities. Phishing is a type of cyberattack in which a malevolent actor sends an email that appears to be from a legitimate source with the intent of doing harm (e.g., stealing information or holding information for ransom).

Thankfully, the increased awareness of phishing has led to a decrease in the success of these attacks. In response, hackers have modified the practice and have started launching “lateral phishing” attacks.

What is lateral phishing?

Lateral phishing attacks come from compromised email accounts within an organization the recipient is a part of, or from accounts that the recipient knows personally. So instead of an email being sent from an unknown address that appears legitimate, lateral phishing emails come from accounts that the recipient knows to be legitimate (e.g. a co-worker, familiar vendors, or even personal friends). As a result, these types of attacks are almost always successful.

How To Protect Yourself and Your Business

It can be difficult to identify these attacks before becoming a victim. After all, if you see an email come in from a person you know, it most likely doesn’t trigger any suspicion. As lateral phishing attacks increase, users should be increasingly mindful and cautious.

There are three main strategies for protection:

  • Security Awareness Training: Training should occur regularly, as hackers are consistently updating their strategies. Precautionary measures developed in response to phishing will not prevent lateral phishing. If an email comes from a familiar address, the recipient should still check the legitimacy of links and files included in the email. Email the sender to double-check if they sent the email before opening links or downloading files.
  • Advanced Detection Techniques: Business owners should prioritize security and invest in tools to help protect the integrity and security of their networks.
  • Two-Factor Authentication: We’ve discussed 2FA in previous blogs. While some hackers have found ways to bypass this mechanism, it still offers protection if used properly in conjunction with other security measures that should be put in place and maintained.

The sooner you take steps to increase cybersecurity, the more prepared you’ll be when a threat arises. Contact our experienced attorneys today!

If you have any questions about security measures you can take to protect your accounts or small business, or if you believe you have been a victim of a cyberattack, please contact us by calling 888-691-9319, or fill out this short form to get started.


Parks Zeigler, PLLC – Attorneys At Law
